diff options
| author | Philip Guenther <guenther@cvs.openbsd.org> | 2016-07-14 05:55:09 +0000 |
|---|---|---|
| committer | Philip Guenther <guenther@cvs.openbsd.org> | 2016-07-14 05:55:09 +0000 |
| commit | 28d4992f851dc49b5d98e6bfd77e7517f03b3507 (patch) | |
| tree | 803f057174952615bb57d2a6601460af251cd921 /sys | |
| parent | 459430503e1b38161d2b432e58704502d68bdef5 (diff) | |
Prevent silly states via knotes on pids > 2^32 and on nonexistent signals.
ok tedu@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/kern_event.c | 5 | ||||
| -rw-r--r-- | sys/kern/kern_sig.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index 3010c198b37..b5ba9202f25 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_event.c,v 1.73 2016/07/14 02:35:17 tedu Exp $ */ +/* $OpenBSD: kern_event.c,v 1.74 2016/07/14 05:55:08 guenther Exp $ */ /*- * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org> @@ -216,6 +216,9 @@ filt_procattach(struct knote *kn) (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0) return pledge_fail(curproc, EPERM, PLEDGE_PROC); + if (kn->kn_id > PID_MAX) + return ESRCH; + pr = prfind(kn->kn_id); if (pr == NULL) return (ESRCH); diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 0d9eb786495..374e58d9bc4 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.201 2016/07/06 15:53:01 tedu Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.202 2016/07/14 05:55:08 guenther Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -1824,6 +1824,9 @@ filt_sigattach(struct knote *kn) { struct process *pr = curproc->p_p; + if (kn->kn_id >= NSIG) + return EINVAL; + kn->kn_ptr.p_process = pr; kn->kn_flags |= EV_CLEAR; /* automatically set */ |